Semalt botnet hijacked nearly 300k computers
Posted on 03.09.2014
The “Semalt” botnet is quickly spreading across the Internet, Incapsula researchers warn.

The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware-infected machines that continually spam millions of websites in a large-scale referrer spam campaign.

The goal of referrer spam is to create backlinks to a specific URL by abusing publicly-available access logs.

Semalt - and other offenders that engage in this kind of practice - use script bots that ignore the robots exclusion standard (the site's robots.txt file that gives instructions to web crawlers) and spam the server with requests.


"The process is fairly straightforward. The bots access hundreds of thousands of websites in bulk, sending out requests with a synthetically-generated 'Referrer' header. Each of these headers contains the website URL the perpetrators are trying to boost," researcher Ofer Gayer explained.

"All such requests are automatically recorded in access logs, creating a HTML referrer link. These links are then crawled by search engines, while accessing these publicly-available HTML resources."

This artificially improves search engine rankings of the company's customers, which in time "can cause long-term SEO damage to websites, ranging from demotion in search engine result pages (SERP) to complete SERP blacklisting and removal."

To perform all of this, the company uses a botnet created by malware hidden in a utility called “Soundfrost.” The botnet includes machines on over 290,000 different IP addresses around the world. Nearly 60 percent of those machines are located in Brazil.

The Semalt bot is an effective beast, as it bypasses common bot detection and filtering methods, and the botnet allows it to circumvent IP blacklisting and rate-limiting protection.

With all this in mind, Incapsula has begun blocking Semalt bots by default for all of its accounts, and hopes others will follow its lead.
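Because the requests are spread over many IP addresses, per-IP blacklists and rate limits do not see them; grouping access-log entries by the host in the Referer header does. The following is an added example, not Incapsula's code: the log lines, host names, allowlist and thresholds are constructed assumptions, and the result is a list of candidates for review.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def referrer_host(url):
    """Host of a Referer value, lower-cased, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_referrers(lines, own_host, allow=frozenset(), min_ips=4, max_hits_per_ip=2):
    """Return {referrer_host: distinct_ip_count} for likely referrer spam.

    A host is flagged when many distinct clients send it as Referer while each
    client stays at or below max_hits_per_ip, i.e. under a per-IP rate limit.
    Known-good referrers (search engines, partners) go in `allow`.
    """
    hits = defaultdict(lambda: defaultdict(int))    # host -> ip -> request count
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                                 # skip malformed lines
        ip, ref = m.groups()
        host = referrer_host(ref)
        if host and host != own_host and host not in allow:
            hits[host][ip] += 1
    return {
        host: len(ips)
        for host, ips in hits.items()
        if len(ips) >= min_ips and max(ips.values()) <= max_hits_per_ip
    }

def _line(ip, ref):
    # Constructed sample entry; addresses come from documentation ranges.
    return f'{ip} - - [03/Sep/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'

SAMPLE = (
    [_line(f"192.0.2.{i}", "http://spam-referrer.example/crawler.php") for i in range(1, 7)]
    + [_line(f"203.0.113.{i}", "http://search.example/?q=shoes") for i in range(20, 25)]
    + [_line("198.51.100.7", "http://blog.example/post")] * 3
    + [_line("203.0.113.9", "http://www.shop.example/cart"), _line("203.0.113.9", "-")]
)

if __name__ == "__main__":
    print(suspicious_referrers(SAMPLE, "shop.example", allow={"search.example"}))
```

Without the allowlist, a legitimate high-traffic referrer such as a search engine matches the same pattern, so flagged hosts need a manual check before they are blocked.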








